# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=wolfssl
pkgver=5.6.6
_pkgver=$pkgver-stable
pkgrel=1
pkgdesc="Embedded TLS Library (built without OpenSSL compatibility layer)"
url="https://www.wolfssl.com/"
arch="all"
license="GPL-2.0-only"
depends_dev="$pkgname=$pkgver-r$pkgrel"
makedepends="
	autoconf
	automake
	libtool
	util-linux-misc
	"
subpackages="$pkgname-dev $pkgname-fast $pkgname-jni $pkgname-jni-dev:jni_dev"
source="https://github.com/wolfSSL/wolfssl/archive/v$_pkgver/wolfssl-$_pkgver.tar.gz"
builddir="$srcdir/$pkgname-$_pkgver"
options="!check"  # there are actually no tests! >_<

# secfixes:
#   5.6.6-r0:
#     - CVE-2023-6935
#     - CVE-2023-6937
#   5.6.2-r0:
#     - CVE-2023-3724
#   5.5.3-r0:
#     - CVE-2022-42905
#   5.5.1-r0:
#     - CVE-2022-39173
#   5.5.0-r0:
#     - CVE-2022-38152
#   5.4.0-r0:
#     - CVE-2022-34293
#   0:
#     - CVE-2023-6936

prepare() {
	default_prepare

	./autogen.sh

	cp -ar "$builddir" "$builddir~fast"
	cp -ar "$builddir" "$builddir~jni"
}

build() {
	local extra_opts=
	case "$CARCH" in
		x86_64) extra_opts="--enable-aesni";;
	esac

	_build \
		--enable-opensslcoexist

	cd "$builddir~fast"

	# TODO: Can we add --enable-sp, --enable-sp-asm - will it be ABI
	#  compatible with the variant without them?
	case "$CARCH" in
		 x86_64) extra_opts="$extra_opts --enable-intelasm";;
		 aarch64) extra_opts="$extra_opts --enable-armasm";;
	esac
	CFLAGS="${CFLAGS/-Os/} -O3" _build \
		--enable-bigcache \
		--enable-opensslcoexist \
		$extra_opts

	cd "$builddir~jni"
	_build \
		--enable-jni
}

_build() {
	# Note: Primary development uses automake, the support for CMake is
	# still under development.

	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--localstatedir=/var \
		--enable-shared \
		--enable-static \
		--enable-reproducible-build \
		--disable-opensslall \
		--disable-opensslextra \
		--enable-aescbc-length-checks \
		--enable-curve25519 \
		--enable-ed25519 \
		--enable-ed25519-stream \
		--disable-oldtls \
		--enable-base64encode \
		--enable-tlsx \
		--enable-scrypt \
		--disable-examples \
		--enable-keygen \
		--enable-wolfssh \
		"$@"
	make
}

package() {
	provider_priority=100  # highest (other providers are $pkgname-fast and $pkgname-jni)

	make DESTDIR="$pkgdir" install

	# No useful stuff here.
	rm -rf "$pkgdir"/usr/share/doc
}

# XXX: I'm not entirely sure if it's ABI compatible with the default variant...
fast() {
	pkgdesc="$pkgdesc - optimized for performance"
	provides="$pkgname=$pkgver-r$pkgrel"
	provider_priority=50  # lower than $pkgname, higher than $pkgname-jni
	options="!tracedeps"

	mkdir -p "$subpkgdir"/usr/lib
	cp -P "$builddir~fast"/src/.libs/libwolfssl.so.* "$subpkgdir"/usr/lib/
}

jni() {
	pkgdesc="$pkgdesc - with jni support"
	provides="$pkgname=$pkgver-r$pkgrel"
	provider_priority=10  # lowest with $pkgname-fast (other provider is $pkgname)
	options="!tracedeps"

	mkdir -p "$subpkgdir"/usr/lib
	cp -P "$builddir~jni"/src/.libs/libwolfssl.so.* "$subpkgdir"/usr/lib/
}

jni_dev() {
	depends="$pkgname-jni=$pkgver-r$pkgrel !$pkgname-dev"

	cd "$builddir~jni"
	make DESTDIR="$subpkgdir" install

	rm -rf "$subpkgdir"/usr/share/doc
	rm "$subpkgdir"/usr/lib/libwolfssl.so.*
}

# XXX: Override this function from abuild to avoid unwanted dependency on
# wolfssl-fast in wolfssl-dev.
prepare_symlinks() {
	true
}

sha512sums="
d664ab1cd84d7c33d1b34eb934843292b7ffc07b922b4c483b45deeeeda5c425b673640e3049f731bfff364bd7e7c0c14e236afce36622a7d03242d3be0c7382  wolfssl-5.6.6-stable.tar.gz
"
